[Ming-cvs] [libming/libming] 726c27: Fix buffer overflow in dcputs (buffer missing \0)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

  Branch: refs/heads/master
  Home:   https://github.com/libming/libming
  Commit: 726c2768805c8c95e8ad8e5f09eddc5b16570365
      https://github.com/libming/libming/commit/726c2768805c8c95e8ad8e5f09eddc5b16570365
  Author: Hugo Lefeuvre <hl...@de...>
  Date:   2017-12-05 (Tue, 05 Dec 2017)

  Changed paths:
    M NEWS
    M util/decompile.c

  Log Message:
  -----------
  Fix buffer overflow in dcputs (buffer missing \0)

The dcputs function appends passed string at the end of the global
string buffer (dcstr), adapting the buffer's size if necessary.

Unfortunately, the strsize variable which holds the global buffer's
size is initialized to 0 in dcinit(), which means that no place for
the \0 character is reserved. Hence, whenever dcputs tries to strcat
a string to the global buffer, a byte may be missing leading to a
heap buffer overflow.

This commit addresses this issue (CVE-2017-11732, closes #80).

  Commit: ded97d0373222d3f6939ee4e786eef4605c5f80b
      https://github.com/libming/libming/commit/ded97d0373222d3f6939ee4e786eef4605c5f80b
  Author: Sandro Santilli <st...@kb...>
  Date:   2017-12-05 (Tue, 05 Dec 2017)

  Changed paths:
    M NEWS
    M util/decompile.c

  Log Message:
  -----------
  Merge pull request #96 from hlef/master

Fix buffer overflow in dcputs (buffer missing \0)

Compare: https://github.com/libming/libming/compare/459fb480d9c8...ded97d037322